Define an SLA and state why it is required in a risk adverse organization Essay

1. This is a closed-book, closed-notes test. No reference material (including assignments and labs) will be permitted for use during the quiz session. 2. The quiz contains the following types of questions* Short essay type3. Place your answers in the space immediately following each question.Quiz Questions1. Define an SLA and state why it is involve in a risk adverse organization. A SLA is a service level agreement, which is a contract between the ISP and the attach to. A SLA gives the comp either an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in making recovery plans, subtile what critical systems need to be available for a continuance of headache and formulation of disaster recovery.2. Using the user domain, define risks associated with users and explain what toilette be done to mitigate them. The user domain has several risks involved, as people are involved and there is no way employees grass be monitored without the use of CCTV. Social engineering a person trying to obtain information through vicious means. The great tool in mitigating risk in the user domain is dressing and reminders for users to be aware of their surroundings. No congenial users policy, AUP, or lack of readiness employees on the refuse usage of the network. User accounts go forth active, if the employee is terminated, and another employee has the log on credentials. Mitigation would to be disabling altogether user accounts upon termination. .3. Using the workstation domain, define risks associated within that domain and explain what can be done to reduce risks in that domain.The use of USBs or disk, the files could contain viruses and infect other files or applications on the network. No acceptable users policy, AUP, orlack of training employees on the correct usage of the network. The users staying signed into their accounts when leaving their desk. Session timeout would help with this risk, bu t training and follow up with need to be done as well.4. constitute four compliance laws or regulations or mandates, and explain them. HIPAA- covers all healthcare industries and states all patient information must be encrypted in storage, transmissions, and restrictions on access to the information.SOX- cover all publically traded companies and require auditing of the accounting procedures of the business. The reports required by SOX are reported to the SEC. Access to the financial information is limit and based on need to know.FISMA- covers political relation agencies and is to ensure all assets of the government are protected. Assets like information, operations and actual machinery are protected from hackers or internal threats. Guidelines to develop a security guideline for government agencies, requires fifty-fifty audits.CIPA-Child Internet Protection function- covers federally funded entities than provide internet services to individuals, schools and libraries. The Act requires content filters to be used to prevent children from being exposed to nocent content, pornography and illicit sites on the internet.5. Define risk with a formula. formulate what each variable means. Risk= Threat x Vulnerability- Threat is any compromise in the network that can be used for malicious behavior, an example worm, or Trojan horse. Vulnerability- is a weakness in the parcel or OS of a network that can be utilize for malicious intent. The two multiplied equals a risk to the information, assets or quick property of a business.